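<?php
/*
 * writeCases.php - case maintenance controller.
 *
 * Listens on HTTP POST and performs one write action against the database,
 * selected by the POST field "action":
 *   1 delete case        2 update case          3 create case
 *   4 attach report      5 detach report
 *   6 attach media       7 detach media
 *   8 add comment        9 remove comment
 * Every request is answered with a small XML document whose <status> element
 * is "success" or "error". "error" is returned when the posted editor id is
 * not a known staff record, when the action is unknown, or when the query
 * itself failed (the original reported "success" regardless of the result).
 *
 * Every POST value is untrusted. Values are never interpolated into SQL
 * directly; they go through dsc_q() (mysql_real_escape_string + quoting).
 * NOTE(review): the ext/mysql API used throughout (mysql_query & co.) is
 * deprecated and was removed in PHP 7.0 - mysqli/PDO prepared statements are
 * the durable replacement.
 */
session_name('DicomScience');
session_start();

// Global settings; presumably also opens the default mysql link and sets $lang.
require_once('../includes/gset.php');

/**
 * Read one POST field as a string; a missing field yields ''.
 *
 * @param string $key
 * @return string
 */
function dsc_post($key)
{
	return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Turn an untrusted value into a single-quoted SQL string literal.
 * Uses the default mysql link (the same one mysql_query() below relies on).
 *
 * @param string|int $value
 * @return string quoted literal, e.g. 'O\'Brien'
 */
function dsc_q($value)
{
	return "'" . mysql_real_escape_string((string) $value) . "'";
}

/**
 * Emit the XML reply shared by every branch of this controller.
 *
 * @param string $status 'success' or 'error'
 * @return void
 */
function dsc_reply($status)
{
	echo '<?xml version="1.0" encoding="ISO-8859-1"?>';
	echo '<newCase>';
	echo '<status>' . $status . '</status>';
	echo '</newCase>';
}

// Response language: only chosen here when no PHP session has picked one yet.
$session_language = isset($_SESSION['lang']) ? $_SESSION['lang'] : '';
if ($session_language == '') {

	// Controller was not triggered from a PHP session; fall back to $lang
	// (expected to come from gset.php - not visible in this file).
	if ($lang == 1) {
		require_once('../includes/language/german.php');
	} elseif ($lang == 2) {
		require_once('../includes/language/english.php');
	} elseif ($lang == 3) {
		require_once('../includes/language/french.php');
	}
}

$blogdate = time();

$caseAction      = dsc_post('action');
$caseId          = dsc_post('caseId');
$caseEditor      = dsc_post('editor');
$caseTopic       = dsc_post('topic');
$caseStatus      = dsc_post('status');
$caseReport      = dsc_post('reportNumber');
$caseMedia       = dsc_post('mediaNumber');
$caseCommentText = dsc_post('commentText');
$caseCommentId   = dsc_post('commentNumber');

/*
 * Resolve the editor. The request is accepted only when the posted editor id
 * names an existing staff record; an empty id or a failed lookup is rejected
 * (the original compared an unset $usrid with '' and let that through).
 * NOTE(review): this proves the id exists, not that it belongs to the
 * authenticated user - confirm which $_SESSION key holds the logged-in staff
 * id and compare against it as well.
 */
$usrid = null;
if ($caseEditor !== '') {
	$checkUserid = mysql_query(
		'SELECT id_staff, username, firstname, lastname FROM staff WHERE id_staff = ' . dsc_q($caseEditor)
	);
	if ($checkUserid) {
		while ($row = mysql_fetch_object($checkUserid)) {
			$usrid = $row->id_staff;
		}
	}
}

if ($usrid === null || (string) $usrid !== $caseEditor) {
	dsc_reply('error');
} else {

	/*
	 * ACTION CONTROLLER: build the statement for the requested action, then
	 * run it once below. $sql stays null for an unknown action.
	 * NOTE(review): delete/update are scoped by id_case only, not by editor;
	 * confirm whether every staff member may modify every case.
	 */
	$sql = null;
	switch ($caseAction) {
		case '1':
			$sql = 'DELETE FROM cases WHERE id_case = ' . dsc_q($caseId);
			break;

		case '2':
			$sql = 'UPDATE cases SET topic = ' . dsc_q($caseTopic)
				. ', status = ' . dsc_q($caseStatus)
				. ' WHERE id_case = ' . dsc_q($caseId);
			break;

		case '3':
			$sql = 'INSERT INTO cases SET editor = ' . dsc_q($caseEditor)
				. ', last_modified = ' . dsc_q($blogdate)
				. ', topic = ' . dsc_q($caseTopic)
				. ', status = ' . dsc_q($caseStatus);
			break;

		case '4':
			$sql = 'INSERT INTO creps SET id_case = ' . dsc_q($caseId)
				. ', id_report = ' . dsc_q($caseReport);
			break;

		case '5':
			$sql = 'DELETE FROM creps WHERE id_report = ' . dsc_q($caseReport)
				. ' AND id_case = ' . dsc_q($caseId);
			break;

		case '6':
			// Look the media type up first. The original read $med->id_staff,
			// a column the SELECT does not return, so media_type was always empty.
			$mediaType = '';
			$getMediaType = mysql_query('SELECT media_type FROM media WHERE id_media = ' . dsc_q($caseMedia));
			if ($getMediaType) {
				while ($med = mysql_fetch_object($getMediaType)) {
					$mediaType = $med->media_type;
				}
			}
			$sql = 'INSERT INTO c_media SET id_case = ' . dsc_q($caseId)
				. ', id_media = ' . dsc_q($caseMedia)
				. ', media_type = ' . dsc_q($mediaType);
			break;

		case '7':
			$sql = 'DELETE FROM c_media WHERE id_media = ' . dsc_q($caseMedia)
				. ' AND id_case = ' . dsc_q($caseId);
			break;

		case '8':
			// The original statement was missing the comma before "posted" and
			// the closing quote after $blogdate, so it never parsed.
			$sql = 'INSERT INTO comments SET id_staff = ' . dsc_q($caseEditor)
				. ', id_case = ' . dsc_q($caseId)
				. ', comment = ' . dsc_q($caseCommentText)
				. ', posted = ' . dsc_q($blogdate);
			break;

		case '9':
			$sql = 'DELETE FROM comments WHERE id_comment = ' . dsc_q($caseCommentId);
			break;
	}

	if ($sql === null) {
		dsc_reply('error');
	} else {
		// Report the real outcome of the write instead of an unconditional success.
		$sql_do = mysql_query($sql);
		dsc_reply($sql_do ? 'success' : 'error');
	}
}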